URL:
https://github.com/SSSD/sssd/pull/854
Title: #854: LDAP: Do not require START_TLS for loopback connections
jhrozek commented:
"""
@simo5 this is one of the things I don't dare to include in the project without your
blessing :-)
So me and @scabrero talked about this over e-mail initially. There are some people who
would like to run an LDAP server on ldap://localhost. While we both agreed that supporting
ldapi:// might be a better way, what do you think about allowing non-encrypted auth towards
localhost?
I was thinking about someone listening to the traffic on the localhost, but then you need
either root or at least CAP_NET_RAW/CAP_NET_ADMIN...
"""
See the full comment at
https://github.com/SSSD/sssd/pull/854#issuecomment-514751512